
Useless address/DoB verification on the support line?


Old Dec 5, 18, 10:44 am
  #1  
Original Poster
 
Join Date: Feb 2017
Programs: DL DM, UA Gold, AA Gold, Alaska MVP, SPG Plat
Posts: 1,458
Thumbs down Useless address/DoB verification on the support line?

Delta started a few months ago occasionally asking for "verification" on the customer service line (specifically the Diamond line in my case, but I assume it is the same for others). The verification is pointless and always consists of semi-public and non-changeable information (date of birth, address). This information is either publicly available via Google or essentially publicly available via person lookup services online that are either free or cost cents per lookup. In other words, anyone who is actually trying to commit fraud would easily be able to collect this information.

When asked for this information (especially when out in public) I used to HUCA. But as of this week, it seems like all agents are being closely monitored to collect this information. In order to get my seat assigned (not even a flight change, just a seat assignment from no assignment at all), I ultimately had to talk to a supervisor to get the change done without this useless verification step.

I am not against verification of identity, but it should be done either transparently (e.g., biometric voice identification) or using verification approaches that are actually non-public and, even more importantly, changeable (whether that is a PIN code, a confirmation number, or similar). This is just a useless step that adds no value and ends up with me having to shout my date of birth and address out in public on occasion.

Are others having similar experiences?
ethernal is offline  
Old Dec 5, 18, 11:11 am
  #2  
 
Join Date: May 2010
Posts: 2,153
To be followed by the "Delta doesn't do anything and my account was hacked" rant.

Pick your poison, they are "Damned if they do and damned if they don't" LOL!

And what's really hysterical is that you first claim the data is readily available to anyone, but then refuse to give it out in public so it won't be compromised. (Here's an idea, just walk away to someplace away from people)

(Do we have a daily prize for "useless rant of the day"? Have we considered this award?)
Orange County Commuter is offline  
Old Dec 5, 18, 11:13 am
  #3  
Original Poster
 
Join Date: Feb 2017
Programs: DL DM, UA Gold, AA Gold, Alaska MVP, SPG Plat
Posts: 1,458
Originally Posted by Orange County Commuter
To be followed by the "Delta doesn't do anything and my account was hacked" rant.

Pick your poison, they are "Damned if they do and damned if they don't" LOL!

(Do we have a daily prize for "useless rant of the day"? Have we considered this award?)
I am all for Delta doing what is needed to confirm identities to help protect accounts. I am against useless identity verification that serves no purpose. This falls into the latter, not the former.
ethernal is offline  
Old Dec 5, 18, 11:14 am
  #4  
 
Join Date: May 2010
Posts: 2,153
Originally Posted by ethernal
I am all for Delta doing what is needed to confirm identities to help protect accounts. I am against useless identity verification that serves no purpose. This falls into the latter, not the former.
Haven't you noticed the Thousands Standing Around doing useless identity verification? (Because after all a terrorist would only fly under their own name that's on the watch list, it would never occur to them to steal your wallet!)
Orange County Commuter is offline  
Old Dec 5, 18, 11:19 am
  #5  
 
Join Date: May 2009
Location: Seattle, WA
Programs: Alaska MVP Gold, DL Diamond 1MM, UX Suma Gold, Marriott/Starwood Gold, Avis Preferred, Hertz PC
Posts: 2,935
Yes, I've noticed this is now standard practice for all of my recent calls in the last week or so. Previously, it was only required when I was calling from a number that was not on file, or when I was affecting a reservation other than my own. I suspect they've had a rash of incidents where the outbound number was spoofed (which is, of course, very easy to do) and no longer trust that data point.

Delta doesn't currently have the concept of a phone PIN. They probably should, and maybe they are even working on one as a result of a recent spike in account security issues while they implemented this policy as a stopgap measure...

Birth date isn't ideal, but it's the one thing they already have on file that wouldn't be immediately obvious to a hacker who had compromised someone's email account. It's not going to stop everyone, but it's marginally better than useless as a first pass filter. I'm not sure there's anything else they /can/ use without starting a new effort to collect additional information from customers.

Since this appears to be a new blanket policy, your best bet is probably to raise your valid concerns about the policy effectiveness with the customer care team, while still providing the information to front line agents who are just trying to do their job.
BenA is online now  
Old Dec 5, 18, 11:34 am
  #6  
Original Poster
 
Join Date: Feb 2017
Programs: DL DM, UA Gold, AA Gold, Alaska MVP, SPG Plat
Posts: 1,458
Originally Posted by BenA
Yes, I've noticed this is now standard practice for all of my recent calls in the last week or so. Previously, it was only required when I was calling from a number that was not on file, or when I was affecting a reservation other than my own. I suspect they've had a rash of incidents where the outbound number was spoofed (which is, of course, very easy to do) and no longer trust that data point.

Delta doesn't currently have the concept of a phone PIN. They probably should, and maybe they are even working on one as a result of a recent spike in account security issues while they implemented this policy as a stopgap measure...

Birth date isn't ideal, but it's the one thing they already have on file that wouldn't be immediately obvious to a hacker who had compromised someone's email account. It's not going to stop everyone, but it's marginally better than useless as a first pass filter. I'm not sure there's anything else they /can/ use without starting a new effort to collect additional information from customers.

Since this appears to be a new blanket policy, your best bet is probably to raise your valid concerns about the policy effectiveness with the customer care team, while still providing the information to front line agents who are just trying to do their job.
I'm trying to understand the vectors for attack that would get the attacker far enough along to try to do something fraudulent (something that has to be beneficial to the person committing fraud - so I assume moving SkyMiles or booking tickets using a credit card on file) that would be stopped by this mechanism.

The only vector I can see that this stops is someone finding a SkyMiles number randomly with no other information and then calling in and trying to muddle through the prompts using that identifier. Once you have someone's phone number or full name and city you've lost any value of this as a filter, except in the incredibly unlikely circumstance that your personal information hasn't been logged, packaged, and sold to an information reseller.

Maybe complete amateur hour attacks done opportunistically? But usually this type of fraud is relatively industrialized and not like a casual credit card thief.

Agree that a phone PIN would be ideal.
ethernal is offline  
Old Dec 5, 18, 12:15 pm
  #7  
 
Join Date: Oct 2016
Posts: 153
I haven't called in a couple months but the first time I experienced this "verification" was actually on Twitter, and it so confused me I made a call instead. The agent on the line also requested it but I was a lot more comfortable giving it over the phone than as a surprise Twitter request.

Be disappointed if it happens on all calls now. Perhaps it has something to do with the Marriott/SPG hack — are the data points they're asking for ones which aren't supposed to have come out of those databases?
gregsfortytwo is offline  
Old Dec 5, 18, 12:34 pm
  #8  
Moderator, Delta SkyMiles & FlyerTalk Evangelist
 
Join Date: Jun 2001
Programs: DL 1 million, AA 1 mil, UA Silver, HH lapsed Diamond, SPG Plat
Posts: 27,166
Originally Posted by ethernal
I am not against verification of identity, but it should be done either transparently (e.g., biometric voice identification)...
Yeh, that'll work well via a cell phone in the car!

Look at how companies that have frequent customer contacts and real security concerns do this. Banks? Brokerage accounts? They ask for info on the phone. It's going to slow down every transaction and some people will do what some people frequently do.
3Cforme is offline  
Old Dec 5, 18, 12:41 pm
  #9  
Original Poster
 
Join Date: Feb 2017
Programs: DL DM, UA Gold, AA Gold, Alaska MVP, SPG Plat
Posts: 1,458
Originally Posted by 3Cforme
Yeh, that'll work well via a cell phone in the car!

Look at how companies that have frequent customer contacts and real security concerns do this. Banks? Brokerage accounts? They ask for info on the phone. It's going to slow down every transaction and some people will do what some people frequently do.
Biometric voice ID works fine over cell phone connections. It's already used by almost every major bank today.

And as I said in the original post, I am not against verification. I am against useless verification (which this is). I have never once been asked to prove my identity by a bank by giving an address, and I have only had to give a DOB in conjunction with other identifiers.

If you have my phone number, then you have my address and date of birth. Full stop. So if a person is spoofing my phone number and then someone tries to use my address/DOB for verification... they have verified nothing. This is true for 99% of people on this forum, especially in the era of persistent cell phone numbers.
ethernal is offline  
Old Dec 5, 18, 4:21 pm
  #10  
 
Join Date: Mar 2014
Location: JAX
Programs: DL SM, UA 1K, Hilton Gold, Marriott Gold
Posts: 3,467
You needed to call for a seat assignment?
TomMM is offline  
Old Dec 5, 18, 4:24 pm
  #11  
Original Poster
 
Join Date: Feb 2017
Programs: DL DM, UA Gold, AA Gold, Alaska MVP, SPG Plat
Posts: 1,458
Originally Posted by TomMM
You needed to call for a seat assignment?
The last 1-2 rows of the plane are blocked from selection on the application / website / third party seat selectors - but there is an undocumented benefit that they will be unblocked for PM/DMs (i.e., you can get put in those seats). It's the only way I manage to snag window/aisle seats - otherwise I'd spend all my time in a middle seat.

This makes up about 80-90% of my call volume to Delta, the remainder pretty much being for SDC.
ethernal is offline  
Old Dec 5, 18, 7:36 pm
  #12  
 
Join Date: Jul 2009
Location: PDX
Programs: Delta Diamond & 2MM, Marriott Lifetime Platinum Premier, Hertz Pres Club, ICH Gold, *A Gold
Posts: 608
I've noticed this as well. I've been having to call quite a bit lately.

To cancel an award reservation they needed my 1st, middle & last name, DOB and address (including zip code). This is after calling from my mobile phone that Delta automatically recognized.
CO-PLAT is offline  
Old Dec 7, 18, 12:10 am
  #13  
 
Join Date: Nov 2007
Location: USA
Programs: Spoiled by Skywards
Posts: 1,614
Their current method is an insult to intelligence and inherently less secure.

I contacted Delta's head of IT and a designated subordinate acknowledged that the current procedure is suboptimal and alluded to some other form of two-factor identification being in the works.
Ysitincoach is offline  